DoD Internet Protocol Version 6 (IPv6) Contractual Language

Transcription

1 DoD Internet Protocol Version 6 (IPv6) Contractual Language 1. Purpose: Contents of this document shall be incorporated in Government Acquisition Programs, Procurements, Services, and Contracts (including Licensing Contracts) to ensure compliance with DoD policies on IPv6 applicable to all DoD Information Technology (IT) infrastructure and programs. 2. Objective: Specify and integrate Government IPv6 requirements in all goods and services procured by the Government to migrate DoD networks, systems, services, and applications to IPv6. 3. General Requirement: The Government Acquisition Personnel and Government Contractors shall incorporate the IPv6 requirements described in this document into the procurement, design, configuration, implementation, operation, and management of DoD IT acquisitions and procurement. The IPv6 requirements only apply to IT infrastructure, networks, systems and programs using internet protocol. The Contractor shall provide a migration and transition path to IPv6 given the existing IPv4 infrastructure. The Contractor shall develop the needed documentation for its respective products and services to support the DoD s implementation of IPv6, and/or update existing documentation to reflect IPv6 implementation. 4. DoD Specific IPv6 Requirements: In accordance with the Office of Management and Budget (OMB) Memorandum M to migrate to IPv6 and the DoD CIO implementation policies for IPv6, contractors, vendors, and service providers (thereafter referred to as vendors) shall comply with the two requirements for IPv6. The first requirement addresses acquiring IPv6 Capable products and services (including software and hardware licenses). The second requirement addresses implementation of IPv6 in DoD networks, systems, and programs. Documents DoD CIO Memorandum, DoD Internet Protocol Version 6 (IPv6) Definitions, dated 26 June DoD CIO Memorandum, DoD Internet Protocol Version 6 (IPv6) Implementation, dated 6 February IPv6 Extracts from Public Law (FY05) and (FY06). OMB Memorandum M-05-22, Transition Planning for Internet Protocol Version (IPv6), dated 2 August OMB 28 September 2010 Directive, Transition to IPv6. Links kt_path_info=ktcore.actions.document.view&f DocumentId= DocumentId= (must click download to view document) ded_public_law_ _sec_331_%26_ _sec_221.doc m0522.pdf Transition_to_IPv6_28Sept2010.pdf DoD IPv6 Transition Office (DITO) 1/8 8 October 2010; Version 2.0

2 DoD Internet Protocol Version 6 (IPv6) Contractual Language DoD CIO Memorandum, DoD Internet Protocol Version 6 (IPv6) Interim Transition Guidance, dated 29 September DoD CIO Memorandum, DoD Internet Protocol Version 6 (IPv6), dated 9 June Item III Internet Protocol Version 6(IPv6) (FAR Case ) DocumentId= (must click download to view document) DocumentId= (must click download to view document) 10/pdf/E pdf (certified by pkisupport@gpo.gov) 4.1. IPv6 Capable Compliance (for products, services, and licenses) Requirement. The vendor's solution shall be in compliance with all applicable Federal and DoD IPv6 policies and the DoD IPv6 Capable definitions as specified in the DoD CIO Memorandum, DoD Internet Protocol Version 6 (IPv6) Definitions, dated 26 June A partial excerpt from the DoD IPv6 Capable Definitions memo articulates: "IPv6 Capable Products shall be able to interoperate with other IPv6 Capable Products on networks supporting only IPv4, only IPv6, or both IPv4 and IPv6, and shall also: - Conform with the requirements of the DoD IPv6 Standard Profiles for IPv6 Capable Products document contained in the DISR - Possess a migration path and/or commitment to upgrade from the developer (company Vice President, or equivalent, letter) as the IPv6 standard evolves - Ensure product developer IPv6 technical support is available. - Conform to National Security Agency (NSA) and/or Unified Cross Domain Management Office requirements for Information Assurance products" Deliverables for IPv6 Capable Compliance: IPv6 Letter of Compliance with the DoD IPv6 Standards Profile as documented in the DoD IT Standards Registry (DISR). Refer to: IPv6 Letter of Commitment to upgrade as the IPv6 standard evolves (from the company s Vice President or equivalent). DoD IPv6 Transition Office (DITO) 2/8 8 October 2010; Version 2.0

3 DoD Internet Protocol Version 6 (IPv6) Contractual Language 4.2 IPv6 Implementation Compliance (for DoD Networks, Programs, and Systems) Requirement. Contractors shall provide documentation, and/or update existing documentation, to show the migration path for IPv6 and the phased implementation of IPv6 for their respective products and services. The Contractor shall update existing documentation. A partial excerpt from the DoD IPv6 Capable Definitions memo articulates: "An IPv6 Capable Network shall be ready to have IPv6 enabled for operational use, when mission need or business case dictates. Specifically, an IPv6 Capable Network must: - Use IPv6 Capable Products - Accommodate IPv6 in network infrastructure, services, and management tools and applications - Conform to DoD and NSA-developed IPv6 network security implementation guidance Deliverables for IPv6 Implementation Compliance: IPv6 Implementation Plan/Schedule showing the design and phased implementation of IPv6 support within respective products and services, over time (including risks and dependencies) When requested by TM/COR, DoD Architectural Framework (DODAF) Views showing IPv6 design & implementation in support of DoD System or Program. When requested by TM/COR, Information Support Plan (ISP) showing the integrated NETOPS of Networks and Systems for both IPv4 and IPv6 environments Federal Acquisition Regulation (FAR) Case , Internet Protocol Version 6 (IPv6), dated December 10, Adopts the proposed rule published in the Federal Register at 71 FR 50011, August 24, 2006, as a final rule with minor changes. This final rule amends FAR parts 7, 11, 12, and 39 to require Internet Protocol Version 6 (IPv6) compliant products be included in all new information technology (IT) procurements requiring Internet Protocol (IP): Acquisition documents shall include a paragraph discussing IPv6 compliance for information technology acquisitions using Internet Protocol; Acquisition documents must include the appropriate IPv6 compliance requirements in accordance with the Agency s Enterprise Architecture, unless a waiver to the use of IPv6 has been granted, and DoD IPv6 Transition Office (DITO) 3/8 8 October 2010; Version 2.0

4 DoD Internet Protocol Version 6 (IPv6) Contractual Language Agencies must include the appropriate Internet Protocol compliance requirements consistent with FAR regarding information technology acquisitions using Internet Protocol. 5. IPv6-Related Contract Deliverables Deliverable Title IPv6 Letter of Compliance (for products, services, and licenses) IPv6 Letter of Commitment (for products, services, and licenses; issued by vendor s Vice President or equivalent) IPv6 Implementation Plan/Schedule (for networks, programs, and systems) DODAF Views (for networks, programs, and systems) Information Support Plan (ISP) (for networks, programs, and systems) Format Contractor-Proposed based on the below: oduct_profile_v3_draft.pdf Contractor-Proposed, Government-Approved Contractor-Proposed, Government-Approved COR/TM-Provided COR/TM-Provided 6. IPv6 Warranty Language. The vendor/contractor will warrant that items delivered shall be IPv6 capable. Warranties will vary depending on the equipment, products or services to be provided. Sample warranties are included in Appendix A to be used or modified as necessary depending on the type or procurement and contract. 7. Waivers. Waivers for non-ipv6 capable IT networks, systems, services, and applications need to be coordinated with the Organization s respective IPv6 Transition Office, usually located within the Organization s CIO. Waivers will require the approval of the Organization s CIO or equivalent office. This includes cases where procuring, acquiring or developing IPv6 capability is not currently possible or planned (e.g., due to lack of funding, products or development timeline). Possible rationales for waivers include the following criteria: Profound Operational Need Understood and Tolerable impact on Organization s IT architecture Business Case, including long-term resource implications across the enterprise The waiver should indicate how long a waiver should be granted for new systems. For legacy systems the waiver should indicate how long it should be granted or if it is a request until the end of the life cycle for the system. A sample waiver form is provided in Appendix B. DoD IPv6 Transition Office (DITO) 4/8 8 October 2010; Version 2.0

5 Internet Protocol Version 6 (IPv6) Contractual Language APPENDIX A: Sample Warranty Language IT Equipment Warranty The vendor/contractor warrants that each item delivered under this contract shall be able to accurately transmit, receive, process, and function correctly using the Internet Protocol Version 6 (IPv6). Specifically, the vendor/contractor warrants that: 1) Each item delivered complies with the current Defense IT Standards and Profile Registry (DISR) developed DoD IPv6 Standards Profiles for IPv6 Capable Products 2) Each item delivered maintains interoperability with IPv4 (specifically, is able to operate on/coexist on a network supporting IPv4 only, IPv6 only, or a hybrid of IPv4 and IPv6) 3) Each item delivered is supported by the contractors IPv6 technical support If the contract requires that specific listed products must perform as a system, then the above warranty shall apply to those listed products as a system. The duration of this warranty and the remedies available to the Government for breach of this warranty shall be as defined in, and subject to, the terms and limitations of the contractor's standard commercial warranty or warranties contained in this contract, provided that notwithstanding any provision(s) to the contrary in such commercial warranty or warranties, the remedies available to the Government under this warranty shall include repair or replacement of any product whose non-compliance is discovered and made known to the contractor in writing within one year after acceptance. Nothing in this warranty shall be construed to limit any rights or remedies the Government may otherwise have under this contract with respect to defects other than IPv6 performance. Internet Service Provider (ISP) Warranty The Internet Service Provider (ISP) warrants that connection service delivered to [Organization name.] shall be able to accurately transmit, receive, and function correctly using the Internet Protocol Version 6 (IPv6). Specifically, the ISP warrants that: 1) Their service complies with the IETF guidelines for Internet Protocol Version 6 (IPv6) Standard (RFC 2460) 2) The ISP has established IPv6 connectivity to its upstream providers and peers either directly or at Internet Exchange Points (IX) 3) The ISP can advertise routes to the Organization s IPv6 address space 4) Any additional services specified in the contract, such as multicasting support or mobility, will be compliant with the IPv6 versions of those services as specified by the IETF 5) Service delivered is supported by the ISP s IPv6 technical support DoD IPv6 Transition Office (DITO) A-5/8 8 October 2010; Version 2.0

6 Internet Protocol Version 6 (IPv6) Contractual Language APPENDIX A: Sample Warranty Language Additionally, as IPv6 evolves, the ISP commits to upgrading or providing an appropriate migration path for each network service delivered under this contract. The duration of this warranty and the remedies available to the Government for breach of this warranty shall be as defined in, and subject to, the terms and limitations of the contractor's standard commercial warranty or warranties contained in this contract, provided that notwithstanding any provision(s) to the contrary in such commercial warranty or warranties, the remedies available to the Government under this warranty shall include repair or replacement of any product whose non-compliance is discovered and made known to the contractor in writing within one year after acceptance. Nothing in this warranty shall be construed to limit any rights or remedies the Government may otherwise have under this contract with respect to defects other than IPv6 performance. IPv6 Software Warranty The vendor/developer/contractor confirms that software delivered to the Organization shall be fully dual stacked and able to accurately transmit, receive, process, and function correctly using the Internet Protocol Version 6 (IPv6). Specifically, the vendor/developer states that: 1) All user functions (data plane) of the application which utilize an IP network service comply with the IETF guidelines for data exchange over Internet Protocol Version 6 (IPv6) Standard (RFC 2460) 2) Unless sold as an IPv6-Only product, this IPv6-capable software is fully dual stacked to maintain interoperability with IPv4. Specifically, the software is able to operate on/coexist on a network supporting IPv4 only, IPv6 only, or a network supporting both IPv4 and IPv6 3) Each software item delivered is supported by the vendor/developer s IPv6 technical support This statement covers functions of the application, any supporting applications, network services the application calls such as RPC or DNS, and any software update functions used by the vendor/developer s software. If some functions work in IPv6 while others require IPv4, the application is considered partially dual stacked with IPv4 dependencies. Additionally, as IPv6 evolves, the vendor/developer/contractor commits to upgrading or providing an appropriate migration path for each piece of software delivered under this contract as long as the Organization continues to purchase maintenance and upgrade licenses. The duration of this warranty and the remedies available to the Government for breach of this warranty shall be as defined in, and subject to, the terms and limitations of the contractor's standard commercial warranty or warranties contained in this contract, provided that notwithstanding any provision(s) to the contrary in such commercial warranty or warranties, the remedies available to the Government under this warranty shall include repair or replacement of any product whose non-compliance is discovered and made known to the contractor in writing within one year after acceptance. Nothing in this warranty shall be construed to limit any rights or remedies the DoD IPv6 Transition Office (DITO) A-6/8 8 October 2010; Version 2.0

7 Internet Protocol Version 6 (IPv6) Contractual Language APPENDIX A: Sample Warranty Language Government may otherwise have under this contract with respect to defects other than IPv6 performance. DoD IPv6 Transition Office (DITO) A-7/8 8 October 2010; Version 2.0

8 Internet Protocol Version 6 (IPv6) Contractual Language APPENDIX B: Sample Waiver Internet Protocol version 6 (IPv6) Waiver. Purpose: The purpose of this waiver is to identify [Organization name:..] networks, systems, services, and applications, which cannot comply with the DoD mandated requirement to be IPv6 capable. 1.) Name(s) of networks, systems, services, and applications 2.) Organization Name Address 3.) Technical POC Point Of Contact Phone Number Address 4.) Management POC Point Of Contact Phone Number Address 5.) Description of networks, systems, services, and applications. 6.) Name all hardware and software system interfaces that are affected by this waiver. Particular attention should be made to any interface to the GIG. 7.) Provide justification for the wavier request. If possible classify your waiver request justification by one of the categories below categories. Hardware (host hardware not available or not upgradeable/replaceable by until specified timeframe) Software (software not available or not upgradeable/replaceable by specified timeframe) Technical (other technical issue preventing compliance with specified timeframe) Programmatic (Cost and/or schedule prohibits compliance to specified timeframe) Other 8.) Is there a transition/implementation plan in place to upgrade the system/product to be IPv6 capable? If so provide a copy of the plan. If there is not a plan indicate when procuring, acquiring or developing IPv6 capability is projected. 9.) Timeframe requested for waiver. PREPARED BY: OFFICE SYMBOL: DATE: DoD IPv6 Transition Office (DITO) B-8/8 8 October 2010; Version 2.0